Software runs the world. Everything from IoT, medical devices, the power grid, smart cars, and voting apps has software behind it. Learn from the best of the best on exploiting software vulnerabilities and securing the software that is the foundation of our dynamic world. Join us in the AppSec Sandbox from Tuesday, June 7 through Thursday, June 9. Plus, register today using code 32USBAPPVFD to save $150 off your RSAC 2022 Full Conference Pass. Open to Full Conference and Expo Plus passholders only.
Sandbox Talks
All times are in Pacific Time (GMT -7)
Day 1 - June 07, 2022
Colonial Pipeline - What Happened, What Changed
Lightning talk
09:40 - 10:30, June 07, 2022
Session Code: SBX4-TLT2
Classification: intermediate
Bryson Bort | Founder & CEO, SCYTHE
Tim Weston | Cybersecurity Coordinator, DHS/TSA
Kimberly Denbow | Managing Director, Security & Operations, American Gas Association (AGA)
This session will bring together press, industry, and government to talk about what happened during the Colonial Pipeline breach from multiple perspectives as well as the TSA Cybersecurity Coordinator to discuss what changed, why, and what's next.
macOS Attack Surface Analysis of the Application Sandbox
Track session
10:45 - 11:35, June 07, 2022
Session Code: SBX3-TIL3
Classification: advanced - technical
Shlomi Levin | Co-Founder and CTO, Perception Point
This talk will go through the process of an investigation of a recently published Apple sandbox escape zero-day. The process of uncovering a novel vulnerability is not an easy one; it is tedious and error-prone, requiring various methods and procedures. The talk will go through the various steps, fr...
Spreading Application Security Ownership Across the Entire Organization
Lightning talk
12:15 - 13:05, June 07, 2022
Session Code: SBX2-TLT4
Classification: intermediate - technical
Erez Yalon | Head of Security Research, Checkmarx
Tanya Janca | Founder and CEO, We Hack Purple
Rick Ramgattie | Staff Application Security Engineer, Gemini Trust LLC
Application Security is a group sport. Three experts tackle how AppSec professionals use persuasion and negotiation skills to get buy-in from R&D and management, how QA teams can use off-the-shelf DAST tools to improve testing coverage, and provide practical tools and methodologies aimed at non-spe...
Hacking Electronic Flight Bags
Track session
13:15 - 14:05, June 07, 2022
Session Code: SBX1-TIL5
Classification: general
Ken Munro | CEO, Pen Test Partners Inc.
Electronic Flight Bags are typically tablets used by commercial pilots to compute take-off power requirements, landing braking distance, safe approaches and much more. Researchers have found and responsibly disclosed various security issues in a number of EFB apps which, if they had not been resolve...
SANS Core NetWars Tournament v7
Capture the flag
13:15 - 15:15, June 07, 2022
Session Code: SBX7-TIL3
Classification: general - technical
Chris Elgee | Builder & Breaker, SANS NetWars Sandbox
Unique and broad-ranging, Core NetWars Tournament is the gold standard for all-in-one cyber range training and assessment for teams and individuals. From some of the most devious yet whimsical minds in the field, Core NetWars Tournament 7 is a trip through an off-kilter technical landscape with comp...
Secure Supply Chain through Automation - with CSAF, VEX and SBOM
Track session
14:25 - 15:15, June 07, 2022
Session Code: SBX6-TIL6
Classification: general - technical
Thomas Schmidt | Subject Matter Expert, Federal Office for Information Security (BSI)
Current cyberthreats make clear that the supply chain needs to be secured. However, that is a complex task. One part is the downstream propagation of vulnerability- and remediation-related information. This includes not only the topics of mitigations and updates but also the question of whether a product i...
Red Team ATT&CK: Initial Compromise
Capture the flag
16:45 - 18:00, June 07, 2022
Session Code: SBX3-TIL4
Classification: general
Fabien Guillot | Technical Marketing Manager, Vectra AI
It starts with an assumed compromise. When prevention fails, security teams need to understand the actions taken by attackers in order to stop them. In Red Team ATT&CK: Initial Compromise, attendees will learn the tactics of critical attack vectors, practice how attackers exploit network vulnerab...
Day 2 - June 08, 2022
The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack
Track session
08:30 - 09:20, June 08, 2022
Session Code: SBX2-WIL1
Classification: general - technical
Erez Yalon | Head of Security Research, Checkmarx
Jossef Harush | Director of Engineering, Supply Chain Security, Checkmarx
While commercial supply chain attacks are becoming more manageable, security teams have a much harder time with open-source software supply chains. This session will provide an attacker's perspective of open-source flows and flaws and dive into several unique supply chain weaknesses. Demos will show...
Red Team ATT&CK: Initial Compromise
Capture the flag
09:40 - 11:40, June 08, 2022
Session Code: SBX3-WIL2
Classification: general - technical
Fabien Guillot | Technical Marketing Manager, Vectra AI
It starts with an assumed compromise. When prevention fails, security teams need to understand the actions taken by attackers in order to stop them. In Red Team ATT&CK: Initial Compromise, attendees will learn the tactics of critical attack vectors, practice how attackers exploit network vulnerab...
The Supply Chain is Broken: The Case of BLUEMONDAY & How To Own Everything
Track session
09:40 - 10:30, June 08, 2022
Session Code: SBX5-WIL2
Classification: advanced - technical
Ken Pyle | Partner, Exploit Developer / Graduate Professor of Cybersecurity, CYBIR
This session will outline the multi-vendor exploit series covered in CERT Case #667789 (and possibly others), a series of critical vulnerabilities in critical networking infrastructure. The researchers will demonstrate long lived and undisclosed critical flaws in IoT, how to map the software supply...
Adaptively Fingerprinting Users/Applications at Scale with GPU Acceleration
Track session
10:45 - 11:35, June 08, 2022
Session Code: SBX2-WIL3
Classification: general - technical
Rachel Allen | Senior Data Scientist, Cybersecurity, Nvidia
Gorkem Batmaz | Senior Data Scientist, Cybersecurity, Nvidia
Arjun Chakraborty | Senior Software Engineer, Security Analytics, Nvidia
The massive scale, dimensionality, and heterogeneity of user application data require an adaptive approach to detecting malicious actions. This session will demo Morpheus, an open source framework that supports assembling multiple machine learning models to dynamically fingerprint users based on t...
Cybersupply Chain Security - Powering Resources to Mitigate Risk
Lightning talk
12:15 - 13:05, June 08, 2022
Session Code: SBX6-WLT4
Classification: intermediate
Christine Horwege | Director, Emerging Cyber Practice, CGI Federal
Shari Gribbin | Managing Partner, CNK Solutions
Tony Eddleman | Director, NERC Reliability Compliance, Nebraska Public Power District (NPPD)
Rishita Rai | Senior Product Manager, Expedia Group
Supply chain security risks are rapidly evolving threats and a growing concern within critical infrastructure. This session will bring together industry experts with decades of experience in regulatory, supply chain, risk management, and power operations to discuss practical steps, templates, an...
SANS Core NetWars Tournament v7
Capture the flag
12:15 - 14:15, June 08, 2022
Session Code: SBX7-TIL3
Classification: general - technical
Chris Elgee | Builder & Breaker, SANS NetWars Sandbox
Unique and broad-ranging, Core NetWars Tournament is the gold standard for all-in-one cyber range training and assessment for teams and individuals. From some of the most devious yet whimsical minds in the field, Core NetWars Tournament 7 is a trip through an off-kilter technical landscape with comp...
Cyber-Physical Security Awareness for Developers, Implementors, & Operators
Track session
13:15 - 14:05, June 08, 2022
Session Code: SBX1-WIL5
Classification: general - technical
Steve Scarbrough | Chief Technologist, IntelliGenesis LLC.
Introduce, demonstrate, and provide an interactive overview of the CybatiWorks exploratory cyber-physical mission station workshop. Participant mission station exercises will cover an introduction to cyber-physical topics of logic, sensors and actuators, OT system architecture, communication protoco...
Use the Force Luke: Harnessing Shodan to Hunt for Threats to ICS Systems
Track session
14:25 - 15:15, June 08, 2022
Session Code: SBX4-WIL6
Classification: intermediate - technical
Dan Gunter | Founder and CEO, Insane Forensics
Paul Mathis | Lead Cybersecurity Analyst, Insane Forensics
Many analysts view Shodan as a tool used by red teamers and penetration testers to identify vulnerable systems. However, Shodan has many features that make it a great tool to keep in the repertoire when conducting Threat Hunts. This talk will show how Shodan can help enrich data and provide valuable...
Red Team Tools and Tactics - 201
Capture the flag
14:25 - 16:30, June 08, 2022
Session Code: SBX7-WIL3
Classification: intermediate - technical
In Red Team Tools and Tactics 101, attendees will learn the basics of how to manually discover web application flaws without using any tools. RTT&T 201 is the next evolution: how to increase effectiveness by using custom, semi-automated and automated tools, and how to approach a (web) black box....
Tube - A Reverse SOCKS Proxy for Embedded Systems and Offensive Operations
Track session
15:30 - 16:20, June 08, 2022
Session Code: SBX3-WIL7
Classification: intermediate - technical
Evan Anderson | Director of Offensive Security, Randori
How are attackers taking advantage of embedded systems? In this session the presenter will use open-source and embedded devices to bypass firewalls, pivot across network boundaries and gain full access to systems few consider computers. He will demonstrate "tube", a reverse SOCKS proxy with a built-i...
Day 3 - June 09, 2022
Preparation for OT Incident Response
Track session
09:40 - 10:30, June 09, 2022
Session Code: SBX4-RIL1
Classification: intermediate - technical
Lesley Carhart | Principal Industrial Incident Responder, Dragos Inc
While many industrial firms have a plan in place for how to deal with an incident in their enterprise network, industrial networks are a discrete space with different challenges. Aside from simply requiring a separate incident response plan document, there are several preparatory steps which will gr...
Your Control System is Hacked! Now What?
Capture the flag
09:40 - 10:40, June 09, 2022
Session Code: SBX4-RIL2
Classification: general - technical
Tom VanNorman | Co-founder, ICS Village
The manufacturing facility was running just fine until an unfamiliar message popped up on the screen. It appears both the Enterprise and Process Control Networks are under attack. This table top exercise will challenge security teams to find the best approach to respond to this attack. This scenario...
Building a Cloud-Based Pentesting Platform
Track session
13:00 - 13:50, June 09, 2022
Session Code: SBX3-RIL4
Classification: general - technical
Phillip Wylie | Founder, The Pwn School Project
Offensive cybersecurity professionals often require a way to perform external pentesting of Internet-facing targets. This ability to test externally facing systems is nothing new and has been done over the years using various configurations. In this presentation attendees will learn how to build a c...
Web Application Security CTF: Easy to Exploit, But Hard to Defend
Capture the flag
13:00 - 15:00, June 09, 2022
Session Code: SBX2-RIL4
Classification: intermediate - technical
Edouard Viot | VP Product and Engineering, Rohde & Schwarz Cybersecurity
Louis Deschanel | Technical Cybersecurity Evangelist, Rohde & Schwarz Cybersecurity
Soujanya Ain | Product Marketing Manager, Rohde & Schwarz Cybersecurity
You will learn how to improve your web application security in a fun Jeopardy-style CTF. You need to exploit a website, step by step, allowing full compromise of the server. In parallel, you must help the website administrator resolve the security threats. We will provide you with some helpful hints...
AppSec Pod Activities
Schedule of in-person activities coming soon...